News
June 10, 2025

Our measures for safe operation

Safety is our top priority. For Exxas, we have set up a multi-level security architecture and ensure that infrastructure, applications and data are optimally protected. New safety measures are constantly being added. We are now introducing “throttling” for API calls.

Web Application Firewall

One of the most important and effective measures is our Web Application Firewall (WAF). Every incoming connection to Exxas is routed through this security cluster. When you log into Exxas or create a new task, these actions are checked in the same way as when a third-party system accesses data via our API. The systems not only detect and block DDoS attacks in real time, but also check the behavior of users and external apps. If there is strange behavior, accesses are automatically blocked. Starting July 1, 2023, we are also introducing a “throttling” feature that ensures that only a maximum of two requests per second and user can be sent to Exxas. With this control, we protect Exxas from both overload and malicious bots.

The four pillars


Other important components of our security system include four pillars below.

  1. clustered environments: We use several independent web server, management and database clusters. Customer instances (tenants) are evenly distributed across database clusters. Even the failure of one or more servers has no effect on the availability of your data. In this way, we ensure stable and as uninterrupted operation as possible.
  2. Point-in-time backups: By performing point-in-time backups, we record every transaction in Exxas, which allows us to return to any previous point in time within a set period of time and avoid data loss.
  3. General backups: We create full backups of all databases several times a day and, in a second step, back them up to independent, geo-redundant locations. Files and documents in Exxas are stored in geo-redundant object stores. For technical reasons, ransomware (encryption trojans) cannot encrypt object storage. Data integrity is constantly monitored using checksums and damaged data is repaired by ourselves. And yet we back up your files and documents to a separate location every day.
  4. Backup tool for customers: ISO 27001 certification requires vendor-independent backup of important business data. Even without certification, this is highly recommended. The data in Exxas is one of the most important data of all for our customers. That's why we're currently developing a backup tool that customers can install on their own device or virtual machine. This generates backups directly onto your own system and you don't even need IT knowledge.

Even though we've already implemented so many security and control mechanisms, Exxas can continue to set standards in terms of performance. We are particularly proud of this and will continue to implement every reasonable security measure to do everything we can to protect Exxas and your data.

Exxas AG
Rietbachstrasse 10

8952 Schlieren-Zurich


+41 44 552 89 00

info@exxas.net
Industries
StartupAccountantIT & SoftwareLaw firmAgencyRetailTechnology & Plant engineeringArchitects & Engineers
Features
CentralSalesMarketingServiceProjectsProductsHuman ResourcesFinance
Platform
CustomersApps & integrationsTechnologyHelpcenter
Partners
Find a partnerBecome a partnerFind an AccountantDevelopers
Services
Get startedService packagesImplementationSupport
About us
CompanyNews & EventsCareerContact
swiss made software
Imprint
Data protection
Legal
© Exxas AG 2025